Fixed: AjaxSearch weird behavior vs dollar sign followed by 2 digits / \$\d{2} / - My Forums
https://forums.modx.com/thread/?thread=48127

Re: Fixed: AjaxSearch weird behavior vs dollar sign followed by 2 digits / \$\d{2} /
https://forums.modx.com/thread/48127/fixed-ajaxsearch-weird-behavior-vs-dollar-sign-followed-by-2-digits-d-2#dis-post-278535
I just found out that I had the same bug in YAMS, but I fixed it using what I believe to be a better method. By using preg_quote, you could potentially end up quoting characters that don’t need to be, which could introduce unwanted slashes into your replacement value. The preg_replacement_quote function provided in the linked blog item just escapes the characters that are special to the replacement field.
PaulSuckling May 20, 2010, 07:42 PM https://forums.modx.com/thread/48127/fixed-ajaxsearch-weird-behavior-vs-dollar-sign-followed-by-2-digits-d-2#dis-post-278535

Re: Fixed: AjaxSearch weird behavior vs dollar sign followed by 2 digits / \$\d{2} /
https://forums.modx.com/thread/48127/fixed-ajaxsearch-weird-behavior-vs-dollar-sign-followed-by-2-digits-d-2#dis-post-278534
The bug is now registered as AJAXSEARCH-41.

Quick fixes for AjaxSearch 1.8.3a post updated with this fix.
coroico Sep 13, 2009, 01:38 PM https://forums.modx.com/thread/48127/fixed-ajaxsearch-weird-behavior-vs-dollar-sign-followed-by-2-digits-d-2#dis-post-278534

Re: Fixed: AjaxSearch weird behavior vs dollar sign followed by 2 digits / \$\d{
https://forums.modx.com/thread/48127/fixed-ajaxsearch-weird-behavior-vs-dollar-sign-followed-by-2-digits-d-2#dis-post-278533
mrhaw Sep 11, 2009, 07:06 AM https://forums.modx.com/thread/48127/fixed-ajaxsearch-weird-behavior-vs-dollar-sign-followed-by-2-digits-d-2#dis-post-278533

Re: AjaxSearch weird behavior versus dollar sign followed by 2 digits / \$\d{2} /
https://forums.modx.com/thread/48127/fixed-ajaxsearch-weird-behavior-vs-dollar-sign-followed-by-2-digits-d-2#dis-post-278532
Around line 314 of assets\snippets\ajaxSearch\classes\search.class.inc.php, I have inserted a preg_quote before the preg_replace,
        /* -- EDITED by Albert Diones, preventing special characters from preg_replace $replacement --*/
        $quoted_searchTerm=preg_quote($searchTerm);
        $having[]= preg_replace('/word/', $quoted_searchTerm, $havingSubClause);
        /* -- End Edited, original: $having[]= preg_replace('/word/', $searchTerm, $havingSubClause); -- */
albertdiones Sep 11, 2009, 05:43 AM https://forums.modx.com/thread/48127/fixed-ajaxsearch-weird-behavior-vs-dollar-sign-followed-by-2-digits-d-2#dis-post-278532
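
An added example (not code from the thread or from AjaxSearch) showing why a replacement of `$20` empties the search term and how the fixes discussed in this thread differ. The template string and the helper `escape_replacement()` are constructed for illustration; the helper stands in for the kind of replacement-only escaping PaulSuckling describes and is not the function from the blog item he links.

```php
<?php
// Constructed stand-in for $havingSubClause; the real clause is not shown in the thread.
$tpl = "content LIKE '%word%'";

// Hypothetical helper: escape only backslash and dollar sign, the two
// characters preg_replace() treats specially in a replacement string.
function escape_replacement($s)
{
    return strtr($s, array('\\' => '\\\\', '$' => '\\$'));
}

// Original call: "$20" is parsed as a reference to capture group 20, which
// does not exist, so it expands to an empty string.
function build_raw($tpl, $term)
{
    return preg_replace('/word/', $term, $tpl);
}

// Fix posted in the thread: preg_quote() also escapes pattern metacharacters
// such as "." and ":", and those extra backslashes survive into the result.
function build_preg_quote($tpl, $term)
{
    return preg_replace('/word/', preg_quote($term), $tpl);
}

// Replacement-only escaping: the term comes out byte-for-byte unchanged.
function build_escaped($tpl, $term)
{
    return preg_replace('/word/', escape_replacement($term), $tpl);
}

// 'word' is a fixed string, so plain substitution avoids the problem entirely.
function build_literal($tpl, $term)
{
    return str_replace('word', $term, $tpl);
}

// Constructed search terms. SQL escaping of the term is a separate step, not shown.
foreach (array('$20', '$100', 'a.b', 'C:\\1') as $term) {
    printf("%-5s raw:        %s\n", $term, build_raw($tpl, $term));
    printf("      preg_quote: %s\n", build_preg_quote($tpl, $term));
    printf("      escaped:    %s\n", build_escaped($tpl, $term));
    printf("      literal:    %s\n\n", build_literal($tpl, $term));
}
```

For `$20` the raw call yields `LIKE '%%'`, which matches every row and is consistent with the full listing reported in the first post. For `$100` PHP reads at most two digits after the dollar sign, so the term becomes a literal `0` instead of an empty string.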

Re: AjaxSearch weird behavior versus dollar sign followed by 2 digits / \$\d{2} /
https://forums.modx.com/thread/48127/fixed-ajaxsearch-weird-behavior-vs-dollar-sign-followed-by-2-digits-d-2#dis-post-278531
Quote from: sottwell at Jul 12, 2009, 06:34 AM

I believe that AjaxSearch can’t do a search on only 3 characters; this is actually a limitation of the database. (unless there is a work-around that I’m not aware of?)

Yeah, 3 is the default minimum character count for it, and it is actually happening on exactly 3-character queries, like "$20", "$50", "$77".
albertdiones Jul 12, 2009, 07:25 AM https://forums.modx.com/thread/48127/fixed-ajaxsearch-weird-behavior-vs-dollar-sign-followed-by-2-digits-d-2#dis-post-278531

Re: AjaxSearch weird behavior versus dollar sign followed by 2 digits / \$\d{2}
https://forums.modx.com/thread/48127/fixed-ajaxsearch-weird-behavior-vs-dollar-sign-followed-by-2-digits-d-2#dis-post-278530
If you add '$' to badwords
If you add: $modRegExArray[] = '~\$(.*?)~'; // $something
like I did in my config you can exclude it. It will search the word BUT excluding $

//Parameters in snippet call on the results page: &config=`mrhaw` &stripInput=`myOwnStripInput`
my config file inside the config folder is named this mrhaw.config.php - Using AjaxSearch 1.8.1

<?php
// How to improve the default stripInput function to strip some new input strings ?
// In this example we would like to strip +something+ or *something* input strings
// for that we define a new stripInput function: myOwnStripInput
// we reuse the functions stripslashes, stripTags and stripHtml provided by AS
// we add the function stripOtherTags
// in the snippet call add &stripInput=`myOwnStripInput` or define it in this config file

$debug = -2; // to allow a debug trace with firePhp

if (!function_exists('myOwnStripInput'))
{
function myOwnStripInput($searchString) {
    if ($searchString !== ''){  

      // Remove escape characters
      $searchString = stripslashes($searchString);

      // Remove modx sensitive tags
      $searchString = stripTags($searchString);

      // Remove +something+ substring too
      $searchString = stripOtherTags($searchString);  

      // Strip HTML tags
      $searchString = stripHtml($searchString);  
      $searchString = stripHtmlExceptImage($searchString);   
    }  
    return $searchString;
  }
}

if (!function_exists('stripOtherTags'))
{
  function stripOtherTags($text){
    $modRegExArray = array();
    // Regular expressions to remove +something+
    $modRegExArray[] = '~\+(.*?)\+~';   // +phx+
    $modRegExArray[] = '~\*(.*?)\*~';   // *something*
    $modRegExArray[] = '~\!(.*?)\!~';   // !snippet!
    $modRegExArray[] = '~\$(.*?)~';   // $something (the lazy group matches nothing, so only the $ is removed)
    // Regular expressions to remove some bad words
    $badWords = array('div','phx','pagetitle','longtitle','getfield');        // any bad words you want
    foreach ($badWords as $bw) $modRegExArray[] = '~'.$bw.'~';

    // Remove modx sensitive tags (the 'i' modifier makes each pattern case-insensitive)
    foreach ($modRegExArray as $mReg) $text = preg_replace($mReg.'i', '', $text);
    return $text;
  }
}
?>


But Susan is right on target because a search with 2 spaces works for a single letter...
and the $ - is doing the same trick as what the spaces did for the search...
mrhaw Jul 12, 2009, 01:53 AM https://forums.modx.com/thread/48127/fixed-ajaxsearch-weird-behavior-vs-dollar-sign-followed-by-2-digits-d-2#dis-post-278530

Re: AjaxSearch weird behavior versus dollar sign followed by 2 digits / \$\d{2} /
https://forums.modx.com/thread/48127/fixed-ajaxsearch-weird-behavior-vs-dollar-sign-followed-by-2-digits-d-2#dis-post-278529
sottwell Jul 12, 2009, 01:34 AM https://forums.modx.com/thread/48127/fixed-ajaxsearch-weird-behavior-vs-dollar-sign-followed-by-2-digits-d-2#dis-post-278529

Fixed: AjaxSearch weird behavior vs dollar sign followed by 2 digits / \$\d{2} /
https://forums.modx.com/thread/48127/fixed-ajaxsearch-weird-behavior-vs-dollar-sign-followed-by-2-digits-d-2#dis-post-278528
http://modxcms.com/forums/index.php/topic,37607.msg240505.html#msg240505
Hi, I have used AjaxSearch weeks ago and I have found this bug, just realized it would be nice to ask it here.

I was trying out some search terms until I saw something weird when I used the search term "$20", which weirdly showed all of the documents under the parent documents I have specified, sorted by item id

And I have discovered it does do the same thing for each from $10 - $99, but not on $100 and up. I am worried that this kind of behavior can be a glitch that can be used or aid in attacks.

Here is the header form code: (non ajax)
[!AjaxSearch? &tplLayout=`header_form`&ajaxSearch=`0`&AS_landing=`14`&tplResult=`search_result`&tvPhx=`tv:displayTV`&parents=`7,12` !]


Here is the landing page code:(ajax form + non-ajax result[hides on ajax search use])
[!AjaxSearch?tplAjaxResult=`search_result`&tplLayout=`ajax_form`&tvPhx=`tv:displayTV`&parents=`7,12`&withTvs=`+:series,brand,category,artist`!]

[!AjaxSearch?ajaxSearch=`0`&tplResult=`search_result`&tplResults=`non_ajax_results`&AS_showResults=`1`&AS_showForm=`0`&tvPhx=`tv:displayTV`&parents=`7,12`&withTvs=`+:series,brand,category,artist`!]


As it shows above, I did try to remove the other TVs, but it doesn’t remove this behavior. Is there anything wrong with my implementation or something? Thanks in advance.
albertdiones Jul 12, 2009, 01:30 AM https://forums.modx.com/thread/48127/fixed-ajaxsearch-weird-behavior-vs-dollar-sign-followed-by-2-digits-d-2#dis-post-278528